“In a recent engagement, a SQL injection vulnerability on an external web application was exploited to gain access to an internal IBM MQ messaging queue, allowing the reading and manipulation of sensitive flight manifest data, including passport information.”